Deriving the Relationship between Organizational Culture and Information Security Culture

Despite the widely recognized importance of information security as vital assets in organization, there is a little understanding of how organizations actually promote information security culture amongst the employee in particular environment. The diversity of problem facing the public-service organization is paramount than before as competitive growth of services and rapid changes in technology. As information technology is widely adopted, the organization must undergo boundless transformational to fulfill the nations demand yet provide a good information security management system to ensure their business continuity. This research looks into the social aspects of information security. It reviews the relationship between organizational culture and information security culture. It further identifies key factors influencing information security culture in the organization. A review based on multiple definitions and descriptions of security culture from previous study were conducted. This study shows the relationship between organizational culture and information security culture. This relationship becomes the guidelines for the organization to understand the main factors for their employee to perform security practice. This in-progress study will further use to develop a conceptual model that suggests organization in promoting information security that will be further evaluated with government-supported healthcare organization